EgyptAir Flight MS804: a Red Team Perspective

There are two “big picture” scenarios in which an explosive device could have been on the EgyptAir flight: it was either smuggled onto the flight by someone onboard, or it was planted by someone with access to the plane. There are still two other possibilities that could have caused the flight to crash: pilot error, or a mechanical problem with the aircraft. Officials are reporting that the restroom smoke sensor detected smoke in the cabin just prior to the aircraft crashing. The origin of the fire is unknown; it could have been from a bomb or an electrical fire. Since there is no definitive evidence to indicate what caused the plane to crash, let’s look at the two theoretical bomb scenarios from a red team perspective.

Smuggling an explosive device aboard an aircraft is challenging, but not impossible, since security standards vary from airport to airport worldwide. Once a weakness is found, it can be exploited. Bribery or personal/official connections could temporarily alter security measures to allow a device past a security checkpoint and onto the aircraft. The shoe bomber, Richard Reid, made it past the same Paris airport security with his explosive device without being caught.

This is the shoe bomb used by Richard Reid.

Gaining access and planting the bomb seems to allow more flexibility to place the device in areas of the plane that are not as routinely checked. The EgyptAir flight made multiple stops prior to its final flight. Any one of those locations could have been compromised and allowed access to the plane. However, the longer the device is on the plane, the higher the chance that it will be found. Additionally, altitude and timing for the device would have to be taken into consideration if the location of the crash is significant.

If it was a bomb (either smuggled on board or placed by someone with special access) that brought the plane down, why has no one claimed responsibility yet? After MetroJet 9268 crashed in the Sinai Peninsula in October 2015, ISIS claimed responsibility within a few hours. Here are a couple of generalized theories on why there is no claim yet: This could be the act of a lone-wolf bomber with no real affiliation to a group, who smuggled the bomb on board as a passenger or crew member. Another possibility is that the person or people responsible are strategically embedded, and any effort to make a claim may compromise their access to other flights.

Why make a claim at all? If the plane is at the bottom of the Mediterranean Sea, the likelihood of finding real conclusive evidence is probably low. Sometimes the threat of a hidden enemy is greater than one that is known, especially in a case like this. If the goal is to disrupt normal life, kill, or create fear, remaining anonymous is a far more productive tool, particularly when we live in a world where people demand information almost instantly.

If I were to red team this in the traditional sense, gaining access to the flight line offers more options and maneuverability. Those responsible would remain anonymous as long as possible in order to repeat the event as many times as they are able, in order to truly disrupt flights regionally or even internationally. However, this is not the typical behavior of al Qaeda or ISIS, as they need to make a claim to further their recruitment and generate funds for operations. With the territory lost in Syria and Iraq, this would be a key time for ISIS to prove that they are still lethal and capable of carrying out coordinated attacks.

Desiree Huitt is an Army Veteran who served 11 years as a Military Intelligence officer and, prior to OCS, as a combat medic. She is a graduate of the University of Texas in Austin with a Bachelor of Arts degree in Middle Eastern Studies.